FreeBSD 11.0 - mail tls auth pop imap
Miroslav Lachman
000.fbsd at quip.cz
Tue Mar 14 11:58:00 CET 2017
Jozef Drahovsky wrote on 2017/03/14 11:36:
> Zakladny mail na portoch 25 az 587 aj autorizacia mi funguje, ale tls
> sluzbu na porte 465 som zatial nerozchodil,
> mozno robim nejaku principialnu chybu. Ma niekto odskusany postup pre
> sendmail a postfix na usetrenie casu?
Konfigurace Postfixu bude zalezet na tom, co od toho pozadujes. Muze to
vypadat takhle
main.cf:
## TLS
smtp_tls_security_level = may
smtp_tls_session_cache_database =
btree:/var/db/postfix/smtp_tls_session_cache
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_cert_file = /usr/local/etc/sslt/mail.example.com.crt
smtpd_tls_key_file = /usr/local/etc/ssl/mail.example.com.key
smtpd_tls_CAfile = /usr/local/etc/ssl/intermediateCA.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/db/postfix/smtpd_tls_session_cache
smtpd_tls_loglevel = 1
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
## used in master.cf for encrypted connections
mua_client_restrictions =
permit_sasl_authenticated
reject
master.cf
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=$mua_client_restrictions
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=$mua_client_restrictions
K tomu si pak jeste do main.cf muzes (mel bys) pridat vhodne restrikce
pro smtpd_client_restrictions smtpd_helo_restrictions
smtpd_sender_restrictions smtpd_recipient_restrictions
Vice info kdyztak mimo konferenci, protoze tohle vlastne vubec nesouvisi
s FreeBSD
> Druha otazka, kde si rad necham poradit, ktory pop a imap dnes pouzit
> (uzivatelia su v passwd)?
>
> Pozeral som packages, niektore veci vypadli, ale aj tak je na vyber viac
> veci:
Kazdy ti poradi to, co vyhovuje jemu. A kazdy bude mit v tom svem pravdu :)
Ja jsem dlouhe roky pouzival Courier-IMAP, ale z meho pohledu dnesnim
narokum uz nedostacuje a tak uz par let zpetne na nove servery nasazuji
Dovecot / Dovecot2. A kde to jde, tam delam i migraci z Courier-IMAPu na
Dovecot.
Mirek
More information about the Users-l
mailing list